News is breaking that Canon has been hit by the Maze ransomware gang, which is notorious for its double extortion threats and stealthy TTPs.
John Shier, senior security advisor at Sophos, comments on the news:
“The ransomware attack on Canon is yet another example of the Maze gang’s sustained and brazen targeting of enterprises. Following other recent high-profile attacks, this latest salvo should be a wake-up call to all the enterprises who haven’t taken the time to assess their security posture and bolster their defenses against these pernicious adversaries.
“Many of these attacks start by exploiting external services or simple phishing campaigns. The successful campaigns will often be followed by living-off-the-land techniques, abusing over-privileged and under-protected accounts, and hiding in plain sight.
“Enterprises must take the time to ensure they’ve built a strong security foundation (e.g. principle of least privilege, MFA everywhere, patching, user training, etc.), which includes investment in both prevention and detection technologies today if they don’t want to be a victim tomorrow.”
For reference, see Sophos’ recent research and articles on Maze:
- The Realities of Ransomware: extortion goes social – by John Shier about Maze ransomware extortions (published Aug. 4, 2020)
- Maze ransomware: extorting victims for 1 year and counting – deep dive on Maze
- Nuclear missile contractor hacked in Maze ransomware attack – Naked Security
- Maze hits US giant Cognizant – Naked Security